Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11887

[GSS](7.0.z) SP can not parse SAML response if namespace is declared in root element

XMLWordPrintable

    • Hide

      1. untar reproducer.tar.gz
      2. copy standalone.xml to $JBOSS_HOME/standalone/configuration/
      3. start EAP
      4. cd fake-idp
      5. mvn -Pwildfly clean package wildfly:deploy
      6. cd ../picketlink-federation-saml-sp-with-encryption
      7. mvn -Pwildfly clean package wildfly:deploy
      8. access http://localhost:8080/sales-post-enc/ with your browser

      Show
      1. untar reproducer.tar.gz 2. copy standalone.xml to $JBOSS_HOME/standalone/configuration/ 3. start EAP 4. cd fake-idp 5. mvn -Pwildfly clean package wildfly:deploy 6. cd ../picketlink-federation-saml-sp-with-encryption 7. mvn -Pwildfly clean package wildfly:deploy 8. access http://localhost:8080/sales-post-enc/ with your browser
    • EAP 7.0.8

      If the namespace xenc is declared in the root element of SAML response, SP throws the following exception:

      2017-05-16 17:12:24,703 ERROR [org.picketlink.common] (default task-23) Service Provider could not handle the request.: org.picketlink.common.exceptions.ProcessingException: PL00102: Processing Exception:
        at org.picketlink.common.DefaultPicketLinkLogger.processingError(DefaultPicketLinkLogger.java:174)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:554)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:480)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:142)
        at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:67)
        at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:106)
        at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:88)
        at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAML2Response(SPFormAuthenticationMechanism.java:530)
        at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAMLResponse(SPFormAuthenticationMechanism.java:313)
        at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.authenticate(SPFormAuthenticationMechanism.java:275)
        at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:244)
        at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:230)
        at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:124)
        at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
        at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
        at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: ParsingException [location=null]org.picketlink.common.exceptions.ParsingException: PL00074: Parsing Error:The prefix "xenc" for element "xenc:EncryptedData" is not bound.
        at org.picketlink.common.DefaultPicketLinkLogger.parserError(DefaultPicketLinkLogger.java:490)
        at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:217)
        at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.convert(SAML2Response.java:512)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:534)
        ... 37 more
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 2721; The prefix "xenc" for element "xenc:EncryptedData" is not bound.
        at org.apache.xerces.parsers.DOMParser.parse(DOMParser.java:245)
        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:298)
        at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
        at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:213)
        ... 39 more

        1. reproducer.tar.gz
          1.43 MB

              spyrkob Bartosz Spyrko-Smietanko
              rhn-support-bmaxwell Brad Maxwell
              Ivo Hradek Ivo Hradek (Inactive)
              Ivo Hradek Ivo Hradek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: